What is an Adversary-in-the-Middle attack, and can it be prevented?
In this video, we take a focused look at Adversary‑in‑the‑Middle (AITM) attacks following the Stryker incident, breaking down how modern identity attacks bypass traditional controls—and what defenders can do to stop them.
We start with Microsoft Entra ID, examining the role of MFA and why MFA alone is no longer sufficient. From there, we dive into Entra ID Protection, covering User Risk and Sign‑in Risk policies, how they detect compromised credentials, and how they enable real‑time response to suspicious authentication activity.
We then move beyond identity into device trust, showing how strict Intune compliance policies combined with Entra Conditional Access can significantly reduce risk. This includes requiring compliant devices, enforcing strong posture checks, and limiting access when credentials are compromised.
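One way to check an exported policy set for the Conditional Access controls described above, as an added example that is not from the video. It assumes policies in the Microsoft Graph conditionalAccessPolicy JSON shape; the sample policies are constructed, the function names are hypothetical, and user or application scope is not evaluated.

```python
# Added example: audit Conditional Access policies (Microsoft Graph
# conditionalAccessPolicy JSON shape). SAMPLE_POLICIES is constructed data.
SAMPLE_POLICIES = [
    {   # constructed: MFA only, which the description calls insufficient
        "displayName": "Require MFA for all users",
        "state": "enabled",
        "conditions": {"users": {"includeUsers": ["All"]}},
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    },
    {   # constructed: compliant device is only an alternative to MFA
        "displayName": "MFA or compliant device",
        "state": "enabled",
        "conditions": {"users": {"includeUsers": ["All"]}},
        "grantControls": {"operator": "OR",
                          "builtInControls": ["mfa", "compliantDevice"]},
    },
    {   # constructed: sign-in risk policy left in report-only mode
        "displayName": "Block high sign-in risk",
        "state": "enabledForReportingButNotEnforced",
        "conditions": {"users": {"includeUsers": ["All"]},
                       "signInRiskLevels": ["high"]},
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    },
]

def enforces_compliant_device(policy):
    """True only if a compliant device is mandatory, not one option of several."""
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls", [])
    if "compliantDevice" not in controls:
        return False
    return grant.get("operator") == "AND" or controls == ["compliantDevice"]

def audit(policies):
    """Return the named controls that no *enabled* policy enforces."""
    live = [p for p in policies if p.get("state") == "enabled"]
    checks = {
        "compliant device required":
            any(enforces_compliant_device(p) for p in live),
        "sign-in risk policy":
            any(p.get("conditions", {}).get("signInRiskLevels") for p in live),
        "user risk policy":
            any(p.get("conditions", {}).get("userRiskLevels") for p in live),
    }
    return sorted(name for name, ok in checks.items() if not ok)

if __name__ == "__main__":
    print(audit(SAMPLE_POLICIES))
```

The constructed set fails all three checks: the only compliant-device grant is an OR alternative to MFA, and the risk policy is in report-only mode, so nothing is enforced.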
Finally, we cover a critical but often overlooked control: device enrollment restrictions. By limiting enrollment to one device per user per platform, you can reduce blast radius and prevent attackers from enrolling additional devices after a breach.
This video is for security engineers and identity administrators who want to:
- Understand how AITM attacks work in practice
- See why MFA bypass is becoming more common
- Use Entra ID Protection and Conditional Access to reduce identity risk
- Combine Entra and Intune to enforce Zero Trust effectively
If you’re responsible for securing identities in Microsoft 365 or Entra ID, this walkthrough turns hard‑learned lessons into practical defensive controls.